L2TP connection while active IPsec VPN
I'm new to WatchGuard and also to the community and would like to start with a question about IPsec in combination with L2TP.
For a better understanding, I use made-up IPs and names to describe the problem.
We have two branches over here:
- Branch A with a firebox and a public IP address of 126.96.36.199
- Branch B with a firebox and public IP address 188.8.131.52
For branch A, an L2TP Mobile Client VPN is also configured --> reachable at vpn.address.com (using the same public IP address 184.108.40.206), where 10.10.10.0/24 is configured as the internal subnet.
Clients that want to connect to the VPN receive an IP address within this subnet from the firebox.
Branch A and B are connected with each other via an IPsec VPN tunnel (using the IPs 220.127.116.11 and 18.104.22.168 for Phase 1 of the IPsec VPN) for other business cases.
Access to the different subnets on both sides of the VPN is working well.
Now a client of branch B needs to connect to the L2TP subnet of branch A. I think a possible way to realize this is to make sure that the client doesn't use the IPSec VPN but instead uses the public internet connection to reach 10.10.10.0/24 while connecting to vpn.address.com. As the external interface (internet) is using the same IP 22.214.171.124 as the VPN (vpn.address.com), I'm not sure how to configure this without disturbing the communication over the IPSec VPN.
Do you guys get what I'm talking about, and do you have an idea of how to configure this properly?
Path the connection should take (in my opinion):
Client of Branch B: 192.168.10.10 --> connect to vpn.address.com --> establish connection to vpn.address.com: 126.96.36.199 through the internet --> forward the client request to 10.10.10.0/24 --> receive an IP address within this subnet --> connected
If it's possible to share a screenshot with you, I can also sketch it for you.
Thank you very much.